Welcome to Shaun Luttin's public notebook. It contains rough, practical notes. The guiding idea is that, despite what marketing tells us, there are no experts at anything. Sharing our half-baked ideas helps everyone. We're all just muddling thru. Find out more about our work at bigfont.ca.

HTTP Caching Basics

Tags: http, caching

HTTP Caching Overview

  • HTTP caches all file types; it has no intrinsic notion of types.
  • Caching uses two mechanisms:
    • expiration. eliminates the need to send requests
    • validation. eliminates the need to send full responses
  • Caching should preserve semantic transparency.
    • The client should receive exactly the same response from the cache…
    • as it would have received from the origin server…
    • had the cache not been involved.
  • Caching applies the most restrictive (i.e. most semantically transparent) interpretation of conflicting cache-control mechanisms.

General Caching Timeline

The client makes a request to the origin server.

The cache intercepts the request. If the cache contains a cached response, it checks whether the cached response is fresh. If the cached response is fresh, the cache returns it to the client. Otherwise, the cache sends a validation request to the origin server.

The server receives the validation request. If the cached response is valid, the server returns a 304 Not Modified response. Otherwise, the server returns a first-hand response.

In either case, the cache receives the server’s response. If it’s a 304 Not Modified, the cache returns its cached response to the client. Otherwise, it caches the first-hand response from the server, then forwards it on to the client.
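The timeline above as a small simulation. This is an added example, not code from the original notes. `Origin`, `Cache`, `directives` and the injected clock are hypothetical names, and a response with no max-age is assumed to be stale at once (no heuristic freshness).

```python
import hashlib

def directives(header):
    """Parse 'private, max-age=60' into {'private': None, 'max-age': '60'}."""
    out = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value or None
    return out

class Origin:
    """Constructed origin server holding one resource (not a real site)."""
    def __init__(self, body, cache_control):
        self.body, self.cache_control, self.hits = body, cache_control, 0
    def handle(self, if_none_match=None):
        self.hits += 1
        etag = '"%s"' % hashlib.sha256(self.body.encode()).hexdigest()[:8]
        headers = {"ETag": etag, "Cache-Control": self.cache_control}
        if if_none_match == etag:
            return 304, headers, None       # validator matches: no body sent
        return 200, headers, self.body      # first-hand response

class Cache:
    def __init__(self, origin, clock):
        self.origin, self.clock, self.entry = origin, clock, None
    def get(self):
        """Return (body, how): how is 'fresh', 'revalidated' or 'first-hand'."""
        now, entry = self.clock(), self.entry
        if entry:
            d = directives(entry["headers"]["Cache-Control"])
            age = now - entry["stored"]
            # Assumption: a missing max-age counts as 0, so the entry is stale.
            if "no-cache" not in d and age < int(d.get("max-age") or 0):
                return entry["body"], "fresh"           # expiration: no request
            status, headers, body = self.origin.handle(entry["headers"]["ETag"])
            if status == 304:                           # validation: no full body
                entry.update(headers=headers, stored=now)
                return entry["body"], "revalidated"
        else:
            status, headers, body = self.origin.handle()
        # Keep the first-hand response unless the origin said no-store.
        keep = "no-store" not in directives(headers["Cache-Control"])
        self.entry = {"headers": headers, "body": body, "stored": now} if keep else None
        return body, "first-hand"

if __name__ == "__main__":
    t = [0]  # constructed clock, in seconds
    cache = Cache(Origin("v1", "private, max-age=60"), lambda: t[0])
    for t[0] in (0, 30, 61):
        print(t[0], cache.get())
```

With `private, max-age=0` every `get()` after the first comes back as 'revalidated', and with `no-store` nothing is kept, so every `get()` is 'first-hand'.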

Caching Techniques

Here are some use cases and caching techniques that will make them happen.

Table: I would like the client cache to…

| Purpose | Headers | Notes |
|---|---|---|
| Allow caching, force revalidation. | Cache-Control: private, max-age=0 | google.com does this. |
| ? | Cache-Control: private, no-cache, no-store, must-revalidate | facebook.com does this. |
| ? | Cache-Control: no-cache, no-store | plus.google.com does this. |
| ? | Cache-Control: private, max-age=0, must-revalidate | github.com does this. |

HowTo: Inspect Headers with Fiddler

  • Open Fiddler.
  • Open the Composer tab.
  • Type a GET address (e.g. http://www.google.com, http://www.bigfont.ca, etc.).
  • Turn on capture (F12).
  • Click Execute.
  • The Inspectors tab will open.
  • Click Headers.
  • This lets you view cache related headers.

Fiddler Shortcuts

  • Use F12 to toggle capture.
  • Use Ctrl + X to clear captures.

The Cache Related Headers

Common headers / directives.


| Header | In Request | In Response |
|---|---|---|
| Age | n/a | The sender’s estimate of the time since the origin server generated the response |
| Authorization | n/a | special rules for use in shared caches |
| Location | n/a | n/a |
| Pragma | implementation specific (e.g. IE 9) | same |
| Vary | determines whether to use a fresh response without revalidation | indicates by which fields the response varies |
| Warning | n/a | warn of lack of semantic transparency or entity transformations |
| Date | date/time of message generation | n/a |
| Expires | n/a | date/time after which response is stale |

Cache-Control Directives

| Directive | In Request | In Response |
|---|---|---|
| public | n/a | okay to store in any cache |
| private | n/a | do not store in a public cache |
| no-cache | forces revalidation | okay to store but must revalidate |
| no-store | generally to protect privacy; cache MUST NOT store any part of the request nor any response to it | |
| s-maxage | n/a | overrides max-age & Expires in shared caches |
| max-age | willing to accept ages up to max-age; a zero value forces revalidation | sets the age at which entities become stale; a zero value forces revalidation on each request |
| min-fresh | ? | n/a |
| max-stale | willing to accept ages beyond stale | n/a |
| only-if-cached | only return a cached response | n/a |
| must-revalidate | n/a | never use stale cached entries |
| proxy-revalidate | n/a | public caches must revalidate; private ones do not need to |
| no-transform | do not change the media type | same |

Conditional Headers

Use with methods (e.g. PUT) to make the method conditional. “Server, perform the method if and only if…”

| Header | In Request | In Response |
|---|---|---|
| If-Match | an ETag matches | n/a |
| If-Modified-Since | the entity has been modified since | n/a |
| If-None-Match | no ETags match | n/a |
| If-Range | the entity is unchanged, then send me the missing parts only | n/a |
| If-Unmodified-Since | the entity has not been modified since | n/a |


aspnet-caching.azurewebsites.net (coming soon, maybe)

Research Questions

  1. What file types does HTTP cache?
  2. What is the level of browser & cache support for each HTTP caching mechanism?
  3. What are the recommended cache control mechanisms?
  4. What is the default cache duration?